Posted on Thu, Sep. 18, 2008
last updated: November 24, 2010 01:49:36 PM
A hacker broke into the Yahoo e-mail account that vice presidential candidate Sarah Palin uses for official business as Alaska's governor as well as for personal communications.
The intrusion, which apparently began early Tuesday morning, alarmed the McCain-Palin campaign, though Internet security experts and Palin critics weren't surprised that her Yahoo account on the Web was vulnerable.
"This is a shocking invasion of the Governor's privacy and a violation of law," GOP presidential campaign manager Rick Davis said Wednesday in a written statement. "The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these emails will destroy them."
The FBI is investigating what happened along with the Secret Service, said Eric Gonzalez, FBI spokesman in Anchorage. Cyber agents are looking into it as a possible "computer intrusion" crime, he said.
In a post that it called "Today's Viral Thing," Time magazine said hackers who are part of a "cryptic Internet posse known for its attacks on Scientology" apparently were responsible.
Some blogs say the group consists of people who chat on the same bulletin board about whatever amuses them, however offensive it might be, and try to stir up trouble. Some reports say Palin's e-mail address and password were posted on that bulletin board.
Several other posters handed over the contents of the e-mail account firstname.lastname@example.org to Wikileaks.org, a site that anonymously hosts leaked government and corporate documents. Wikileaks posted screen shots of two e-mails, Palin's contact list, and her inbox list, along with two previously unpublished family photos. That address was previously unknown but another, email@example.com, already had been mentioned in published reports.
Both e-mail accounts have been canceled, said Meg Stapleton, a spokeswoman in Anchorage for the campaign.
Palin's contact list included her children's e-mail addresses, her parents' e-mails, and private e-mail addresses for several staffers and Lt. Gov. Sean Parnell, according to the screen shots posted.
The screen shots soon jumped from Wikileaks to other Web sites.
Neither of the e-mails posted concerned state business, but some of those in her Yahoo inbox had subject lines that sounded official. "Memorandum of Law," "John Harris's response to Lyda Green," and "CONFIDENTIAL Ethics Matter" were all forwarded to her on Aug. 7 by chief of staff Mike Nizich.
Aides wrote to her about scheduling, nominations to the state Court of Appeals and a letter being sent to California Gov. Arnold Schwarzenegger. Some of the e-mails concerned "DPS Personnel and Budget Issues," presumably referring to the Department of Public Safety, which Walt Monegan led until his firing in July. Lawmakers are investigating whether Monegan was pushed out over refusing to fire the governor's ex-brother-in law, Trooper Mike Wooten.
One of the e-mails purported to be a July exchange with Parnell over concerns about how KFQD radio talk show host Dan Fagan was treating him over his support for Palin's higher oil taxes. Under the subject line "Looks like it's my turn in dan's crosshairs" in an e-mail written after normal business hours, Parnell complained that things were getting "ugly."
The reply, from firstname.lastname@example.org, came at 2:14 a.m. the next day: "Arghhhh! He is so inconsistent and purposefully misleading! I am sorry Sean. He can keep trying, but you are the right one for the Congressional position and he KNOWS it (that's the inconsistency!)"
Efforts to reach Parnell were unsuccessful, and the private e-mail address listed had been permanently changed, according to an automatic reply.
The other e-mail posted was sent Sunday from a private e-mail account in the Valley. "Hey Sarah, I am reading the paper, and have thoughts and prayers going your way. Don't let the negative press wear you down. Pray for me as well," the writer said.
Rachael Petro, state deputy commissioner of administration, said the governor's Yahoo account is outside the control of the state e-mail system, which she said is very secure. The reported breach doesn't change anything for the state system, she said.
"Our security shop runs 24-7, 365. We have monitoring ongoing every single day of the year, 24 hours a day," Petro said. "Is it heightened? No. We are already monitoring 24-7."
It's easier to hack into Web mail like Yahoo and Gmail than corporate or government-sponsored accounts, which by design are better protected because they are not available to everyone on the Web, said Bill Pennington, vice president of a Santa Clara, Calif., Internet security company called WhiteHat Security.
"Yahoo obviously is open to anybody on the Internet wherever you go, so it's much easier to break into from that perspective. I can go on and if I know someone's Yahoo e-mail address, I can spend many hours and days if I want to trying to break into that user's account just by guessing passwords," Pennington said.
The screen shots posted on Wikileaks included what looks to be a draft e-mail to an aide, Ivy Frye, asking that Palin be alerted.
"This email was hacked by anonymous, but I took no part in that. I simply got the password back, and changed it so no further damage could be done. Please get in contact with Sarah Palin and inform her the new password on this account is samsonite1." It was signed "the good anonymous."
Passwords should include a combination of letters, numbers and punctuation and never should be given out, Pennington said.
Activists trying to pry loose e-mails from the governor's office have been accusing the governor of operating in secrecy through Yahoo for months. Andree McLeod, who is appealing the administration's decision to withhold 1,100 e-mails from a public records request this summer, was concerned about security even before the breach.
"If this woman is so careless as to conduct state business on a private e-mail account that has been hacked into, what in the world is she going to do when she has access to information that is vital to our national security interests?" McLeod said Wednesday.
The Palin administration did turn over four banker's boxes of records, but not everything that McLeod and another activist, Zane Henning, sought.
"My reaction is 'wow' and 'I could have told you so,' " Henning said about the breach.
He said while the activists are seeking records, they are doing so through legal procedures. Hackers haven't gone through proper channels and could tap sensitive information, he said.
Palin is not concerned that any sensitive items were let out through the breach, said Stapleton, the campaign spokeswoman.
The governor already has turned over e-mails to the investigator looking into Monegan's firing, Stapleton said.
Because of the security concerns, her aides won't say what e-mail service she now uses.
Yahoo didn't respond to a request sent through its Web site to address the breach.